LDAP authentication to two different DNs?


Within our organization, we have two distinct sets of users in our LDAP directory, and I’d like all of them to be able to log in and authenticate against our central server. That means that I need to search in both



In another system I use, I just try the first, and if that fails I try the second. I can’t seem to find a way to do this in Openfire.

Can someone tell me if this is possible, and, if so, how it is done?



Hey David,

I just went through this today for a client. Basically, there are two options:

  1. Consolidate OU structure (top level)
  2. Use the entire domain as the base DN (dc=domain,dc=com) and filter it so that only users that are in a particular group (i.e. OpenFireUsers or All Users) are loaded into Openfire. This is the method that I used. I have users in multiple OUs, but unless they are in my OpenFireUsers group, they do not actually get access to use it.
    Since you want all users to be able to log on, you may just use “domain users”, but I did not since I didn’t want my service accounts, etc. also being loaded.

Here is a great little forum post that I found to set up the filter during install:

Let me know if this helps you.
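
The second option in the answer above, sketched as an added example that is not part of the original posts or of Openfire's code: it builds a group-membership search filter and emulates a subtree search from the domain root over a constructed directory. The group DN, OUs, account names and the AD-style attributes (`memberOf`, `sAMAccountName`, `objectClass=user`) are assumptions.

```python
# Added example; every DN, group and account below is constructed.
BASE_DN = "dc=domain,dc=com"  # whole domain as the base DN, as in option 2
GROUP_DN = "CN=OpenFireUsers,OU=Groups,DC=domain,DC=com"  # assumed location

def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside a filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def group_filter(group_dn):
    """Search filter: user objects that are direct members of group_dn."""
    return "(&(objectClass=user)(memberOf=%s))" % escape_filter_value(group_dn)

def in_subtree(dn, base_dn):
    """Subtree scope test (simplified: case-insensitive string comparison)."""
    dn, base_dn = dn.lower(), base_dn.lower()
    return dn == base_dn or dn.endswith("," + base_dn)

def loaded_users(entries, base_dn, group_dn):
    """Emulate the directory search: subtree of base_dn, group members only."""
    wanted = group_dn.lower()
    return sorted(
        e["sAMAccountName"]
        for e in entries
        if in_subtree(e["dn"], base_dn)
        and "user" in e["objectClass"]
        and wanted in [g.lower() for g in e.get("memberOf", [])]
    )

# Constructed directory: users in two different OUs, a service account that
# is not in the group, and an entry outside the base DN.
ENTRIES = [
    {"dn": "CN=Alice,OU=Staff,DC=domain,DC=com", "sAMAccountName": "alice",
     "objectClass": ["user"], "memberOf": [GROUP_DN]},
    {"dn": "CN=Bob,OU=Contractors,DC=domain,DC=com", "sAMAccountName": "bob",
     "objectClass": ["user"], "memberOf": [GROUP_DN]},
    {"dn": "CN=svc-backup,OU=Service,DC=domain,DC=com",
     "sAMAccountName": "svc-backup", "objectClass": ["user"], "memberOf": []},
    {"dn": "CN=Carol,OU=Staff,DC=other,DC=org", "sAMAccountName": "carol",
     "objectClass": ["user"], "memberOf": [GROUP_DN]},
]

if __name__ == "__main__":
    print(group_filter(GROUP_DN))
    print(loaded_users(ENTRIES, BASE_DN, GROUP_DN))
```

Users from both OUs are returned by one search, while the service account and the entry outside the base DN are not.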